Problem
In real-world development projects, prototypes must also be tested and refined in the actual deployment environment before they go to market and into production use.
One problem that arises is that the environment where the test units are deployed may be some distance from the office, even in a different city. When the application service hangs or throws an exception, there is no way to look at what is actually happening on the device.
In the office you could log in over SSH on the LAN, or even through the debug serial port. Because the device is remote, there is no way to log in to it directly over SSH.
Basic concepts
The "login" mentioned above refers to logging in to the Linux shell. The reverse shell introduced below is a technique built on the Linux shell, so this section first explains that concept together with the related concept of a bind shell.
Bind Shell
A bind shell binds a shell (for example bash) to a local port so that an external system can send shell commands to it over the network; the device itself acts as the server that receives the commands. Note, however, that this requires the external system to be able to reach the device over the network, so in practice it is usually limited to the same LAN. It also means that anyone who can reach that port gets the shell, since nothing authenticates the connection.
Reverse Shell
With a reverse shell, the device acts as the client and hands its own shell to a particular remote system. Although at the bottom the shell commands are still received and executed over the network, this "reverse" direction works across different network environments: as the initiator of the connection, the terminal device can actively connect out to the remote server, which then effectively "logs on" to the device and executes shell commands on it.
Compiling Netcat
Download the source: https://sourceforge.net/projects/netcat/
Compiling for the x86 platform
./configure --prefix=/home/jack/others/netcat-0.7.1/netcat
make
make install
Compilation for ARM platform (take OMAPL138 as an example)
source /home/jack/omapl138/ti/mcsdk_1_01_00_02/linux-devkit/environment-setup
./configure --prefix=/home/jack/others/netcat-0.7.1/netcat --host=arm-arago-linux-gnueabi
make
make install
After make install the binary is netcat/bin/netcat under the directory given to --prefix; that is the path used on the device below.
Using Netcat
First start listening on the server:
nc -l -p 8089 -vvv
Port 8089 is arbitrary; any unused port will do.
Initiating a reverse shell on the device side
./netcat/bin/netcat -e /bin/sh 192.168.1.60 8089
The IP is the server's IP, and the port must match the one the server is listening on. Since the device reaches the server over the Internet, this is the server's public IP. The -e option tells netcat to run /bin/sh with its standard input and output attached to the connection.
Commands typed into the netcat session on the server now run in /bin/sh on the device. Note that the link is plain TCP: nothing is encrypted or authenticated, and the listener accepts the first connection from anywhere, so the server side should only be listening while a session is expected.
Asynchronously initiating a reverse shell
In our project we used MQTT, with the client and the server permanently connected. Each device subscribes to its own reverse-shell topic; when needed, the server publishes a message to the topic of the device in question, and the device responds by initiating a netcat reverse-shell connection. The server naturally has to start the corresponding netcat listener beforehand.
In this way we have the equivalent of being logged on to the device and can carry out whatever debugging is necessary. Since anyone who can publish to that topic can obtain a shell on the device, the broker's access control on these topics has to be treated as seriously as the shell itself.
Rio Jeliang-2018-9-4
Reverse shell access with Netcat for remote debugging of devices